Re: Receipt Generation Service

2012-03-28 Thread ianG
On 29/03/12 04:54 AM, Raymond Forbes wrote: Hello, We are in the process of defining and reviewing the process we use for generating and revoking receipts. This is a complicated process that involves signing with a Hardware Security Module. Are you

Re: Receipt Generation Service

2012-03-28 Thread Mike Hanson
I have revised the wiki page [1] with: 1. A more detailed assessment of the "captured signing key" threat, including a breakdown of the theft-detected and theft-not-detected scenarios. 2. A first cut at revocation and receipt-reissuance, which would be required when a signing key theft is detect

Re: Receipt Generation Service

2012-03-28 Thread Mike Hanson
They're in the text, just not wikified. I'll fix it. m On Mar 28, 2012, at 1:21 PM, Michael Coates wrote: > There is a reference in the wiki to appendices. Can we add those? > > -Michael > > On 3/28/12 10:54 AM, Raymond Forbes wrote: >> Hello, >> >> We are in the process of defining and revi

Re: Receipt Generation Service

2012-03-28 Thread John Nagle
Interesting. Could this service be used to simply sign timestamps, to solve the provenance problem in web content? The idea is to be able to prove that a given piece of content existed at a specific time. A public signing service which accepts a hash value, and returns a signed item with

Re: Receipt Generation Service

2012-03-28 Thread Michael Coates
There is a reference in the wiki to appendices. Can we add those? -Michael On 3/28/12 10:54 AM, Raymond Forbes wrote: > Hello, > > We are in the process of defining and reviewing the process we use > for generating and revoking receipts. This is a complicated > process that involves signing with a

Receipt Generation Service

2012-03-28 Thread Raymond Forbes
Hello, We are in the process of defining and reviewing the process we use for generating and revoking receipts. This is a complicated process that involves signing with a Hardware Security Module. Please take a look at the spec that we have so far and

Re: Fixing SSL quickly

2012-03-28 Thread Kevin Chadwick
On Tue, 27 Mar 2012 18:29:29 -0700 John Nagle wrote: > How can a free CA afford to validate its customers? > Check out startssl.com. It's only a few cpu cycles to certify a domain via email or html file which is the only unforgeable level of cert. Yes security of the key needs to be paid for

Re: Restricting which CAs can issue certs for which hostnames

2012-03-28 Thread Rob Stradling
On 28/03/12 02:40, John Nagle wrote: On 9/2/2011 11:42 PM, Daniel Veditz wrote: On 8/31/11 3:52 PM, Hill, Brad wrote: Mozilla could add a certificate it controls to the trusted root store with which it cross-signs other CA certs, adding a nameConstraints in the process, yes? In theory. In pra